Hacking Websites with SQL Injection - Computerphile

Websites can still be hacked using SQL injection - Tom explains how sites written in PHP (and other languages too) can be vulnerable and have basic security issues.

This video was filmed and edited by Sean Riley.

Comments

He speaks SO LOUD... lol... I think the entire cafe knows how to hack websites by now...

bigsteamfan

This is the St Pancras Renaissance hotel in London - great that they let us film after our original location fell through - shame they wouldn't let me use lights though! >Sean

Computerphile

One of the better 'funny pictures' I have seen, was a numberplate on a pretty fast car, which had an SQL instruction to drop some tables... hello speed cameras ...

Kneedragon

Simply: don't ever ever trust user input.

Markus

"; DROP ALL DATABASES;

dammmit.

RockLou

"It's a hack on top of a hack.... That's a hack, and we've had to put more on top of that, and more on top of that, and more on top of that."

It's a hack stack!

RebeccaSentance

One finger: "Facebook was originally written in PHP"
Second finger: All other things.

Nice one.

hermest

Tom Scott is awesome! "If you can't explain it to an eight year old, you don't fully understand it yourself!" -Unknown Smart person

brettefantomet

>"You can read people's passwords..."

Well hopefully they're hashed anyway

capo

"It works, but it's clunky." - PHP in a nutshell.

MrGeekGamer

Oh Tom Scott, you always manage to make us feel just a tad bit more paranoid.

glueee

I literally came to the video to see if he pronounced it as "sequel" or S.Q.L.

I got my answer instantly! :D

DaGleese

"Shouldn't work any more but still does."

Just ask TalkTalk's IT department...

mittfh

Amazing that he knows I'm a camera, I'm impressed!

someitguy

The correct way to think about this: when you are writing code that generates SQL, you need to generate it according to the SQL syntax. When you inject a string into an SQL statement, you need to convert that string into an "SQL string literal". This is done by adding the quotation marks at the beginning and end and escaping any character that has a different meaning in an SQL string literal than in a plain string (backslashes, quotes, etc...). The SQL syntax specification shows you where these string literals are allowed in a statement. If you are putting an integer into your SQL, you need to convert it to an "SQL integer literal", which is usually done just by converting it to a string. (Not an SQL string literal—just a string.)

yessopie
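The literal conversion yessopie describes, as an added example that is not from the video or the comment thread: a query built by naive concatenation beside one that first renders the input as SQL string literals, and the parameterised form most drivers offer. It assumes SQLite (whose string literals escape only the single quote, by doubling it; MySQL additionally treats backslash as an escape) and a constructed `users` table.

```python
import sqlite3

def sql_string_literal(value: str) -> str:
    """Render a Python str as an SQL string literal (SQLite/ANSI style):
    wrap in single quotes and double any embedded single quote."""
    return "'" + value.replace("'", "''") + "'"

def sql_int_literal(value: int) -> str:
    """Render a Python int as an SQL integer literal. The type check is the
    guard: only a real int is ever turned into a plain string."""
    if not isinstance(value, int) or isinstance(value, bool):
        raise TypeError("expected int")
    return str(value)

def setup_db() -> sqlite3.Connection:
    # Constructed sample data for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    return conn

def count_vulnerable(conn, name: str, password: str) -> int:
    # Naive concatenation: the input becomes part of the SQL grammar, so a
    # quote in it ends the literal early and the rest is parsed as SQL.
    q = ("SELECT COUNT(*) FROM users WHERE name = '" + name
         + "' AND password = '" + password + "'")
    return conn.execute(q).fetchone()[0]

def count_with_literals(conn, name: str, password: str) -> int:
    # Each value is converted to an SQL string literal first, so a quote in
    # the input stays inside the literal and can only ever be data.
    q = ("SELECT COUNT(*) FROM users WHERE name = " + sql_string_literal(name)
         + " AND password = " + sql_string_literal(password))
    return conn.execute(q).fetchone()[0]

def count_parameterised(conn, name: str, password: str) -> int:
    # Preferred in practice: the driver carries the values separately from
    # the statement text, so no literal rendering is needed at all.
    q = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(q, (name, password)).fetchone()[0]

if __name__ == "__main__":
    db = setup_db()
    probe = "' OR '1'='1"   # classic quote-breaking input from the video
    print("concatenated :", count_vulnerable(db, "alice", probe))     # 2
    print("literal      :", count_with_literals(db, "alice", probe))  # 0
    print("parameterised:", count_parameterised(db, "alice", probe))  # 0
```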

I am familiar with SQL injections but it doesn't work on any websites that are worth messing with

epicdman

Description amended to be less PHP specific - he does explain using PHP though, however little the PHP specific content >Sean

Computerphile

Love the non ordinary video background. Nicely explained topic. Thank you.

ignasmixer

Oh this should be some nostalgic fun, I remember back in high school when injecting some code into a text field and... this video is from 2013. This video is from 2013? This video is from 2013! How in holy hell could ANYONE leave such a vulnerable area of security wide open this long?

Truthiness

Really enjoy the lighting and setting of this one. Informative person as well. Seeing a large increase in quality on this channel and it's much appreciated.

arosepsy